15.1.1 Understanding Oracle Virtual Directory Data Browsers

Oracle Virtual Directory provides the following types of data browsers:

Client View browser

Adapter browser

Both the Client View and Adapter browsers are automatically created when you define a new Oracle Virtual Directory server. Oracle Virtual Directory uses DSMLv2 over its administrative gateway to retrieve the data presented by the browsers.

Client View Browser

The Client View browser enables you to search and view the entire virtual directory tree (defined by all configured adapters) after Oracle Virtual Directory has performed all data mapping and transformation. Think of the Client View as the after view—what the data looks like after it is virtualized by Oracle Virtual Directory.

You can also import and export LDIF files to and from the Oracle Virtual Directory using the Client View data browser. LDIF is an industry standard textual interchange format designed for exchanging data between LDAP servers. LDIF files are typically used to import and export batch data and schema configuration changes.

Adapter Browser

The Adapter Browser enables you to view data as it exists in both LDAP and Database Adapter connected repositories. Think of the Adapter Browser view as the before view—what the data in LDAP and database repositories looks like before it is virtualized by Oracle Virtual Directory. When using the Adapter Browser to view databases, tables and fields appear as they exist in the original database, including sample table rows to assist in data modeling.

Notes:

When you click the name of an existing adapter in the Adapter Browser, the configuration of the adapter appears in the main Oracle Directory Services Manager screen. This adapter configuration information is read only—you cannot edit an adapter's configuration using the Adapter Browser.

Data from Join View and Local Store Adapters is not visible from the Adapter Browser.

The Client View browser enables you to view and search the entire virtual directory tree (defined by all configured adapters) after Oracle Virtual Directory has performed all data mapping and transformation. You can use the Client View browser to import and export LDIF files to and from the virtual directory. You can also modify and delete attributes of the virtual tree entries using the Client View Browser.

This section explains how to perform the following Client View browser tasks:

15.1.2.1 Searching the Virtual Directory Tree

You can search the virtual directory tree using the Client View data browser. There are two types of searches: simple and advanced. A simple search only searches the cn, uid, sn, givenname, mail, and initials attributes. An advanced search enables you to specify the search scope depth and other detailed search parameters.

Expand the Client View entry in the Data Tree. The namespaces of the entries in the virtual directory appear.

Navigate to the content you want to view by expanding the appropriate namespace.

Click the entry you want to view. The properties screen appears displaying the attributes and objectclasses for that entry. You can adjust which attributes are shown and which attributes are hidden in the properties screen by clicking the Show All or Hide Empty Values option at the top-right of the screen.

15.1.2.3 Modifying Attributes of Virtual Directory Tree Entries

You can modify and delete attributes of the virtual directory tree entries using the Client View Browser. You cannot add entries using the Client View Browser.

Perform the following steps to modify attributes of virtual directory tree entries using the Client View Browser:

Expand the Client View entry in the Data Tree. The namespaces of the entries in the virtual directory appear.

Navigate to the entry you want to modify by expanding the appropriate namespace and then click the entry. The details for that entry appear in the main screen and are organized by context-sensitive tabs, such as Attributes, Person, and Groups, depending upon the type of entry.

The following are common procedures for modifying entries. Regardless of the specific procedure you perform, after modifying an entry, click Apply to save your changes or Revert to discard them.

Notes:

To modify the attributes for all types of entries, click the Attributes tab and make the desired changes. By default, only non-empty attributes are shown. You can switch between Managed Attributes and Show All by using the Views list.

To change the list of attributes shown as managed attributes, click the icon under Optional Attributes. Select the attributes you want to move from the All Attributes list to the Shown Attributes list and use the Move and Move All arrows to move them. Select the attributes you want to move from the Shown Attributes list to the All Attributes list and use the Remove and Remove All arrows to move them. Click Add Attributes to make your changes take effect or click Cancel to discard your changes. After you click Add Attributes, only the attributes that were on the Shown Attributes list are shown in the Managed Attributes view.

To add an object class:

Click the Attributes tab.

Click the Add icon next to objectclass and use the Add Object Class dialog to select object class entries. Optionally, use the search box to filter the list of object classes. To add the object class, click it and then click OK.

To delete an object class:

Click the Attributes tab.

Select the object class you want to delete.

Click the Delete icon next to objectclass. The Delete Object Class dialog lists the attributes to be deleted with that class.

Click Delete to proceed or Cancel to cancel the deletion.

To modify person entries:

Click the Person tab.

Modify the information as needed. To upload a photograph for the person entry, click Browse, navigate to the photograph, then click Open. To update the photograph, click Update and follow the same procedure. Click the Delete icon to delete the photograph.

To modify group entries:

Click the Group tab.

Click Add or Delete in the appropriate text box to add or delete a group owner or member.

15.1.2.4 Unlocking User Accounts

When you map an Oracle Virtual Directory LDAP Adapter to the Oracle Internet Directory LDAP server, the pwdaccountlockedtime attribute becomes available in Oracle Internet Directory.

If Oracle Directory Services Manager finds the pwdaccountlockedtime attribute with a value of "1," the orclpwdaccountunlock attribute appears and the account is locked. The orclpwdaccountunlock attribute also triggers the Unlock Account button in the Oracle Directory Services Manager Data Browsers tab.

Note:

You can use the Unlock Account button for entries from an Oracle Internet Directory LDAP Adapter.

Unlock Account is only available for other LDAP Adapters if you map the password policy attribute to the orclpwdaccountunlock attribute.

15.1.2.5 Importing an LDIF File

Perform the following steps to import LDIF files into the Oracle Virtual Directory using the Client View data browser:

Verify that the LDIF file you want to import has a valid version number in the first line of the file. Oracle Virtual Directory requires every LDIF file that is imported to contain this version number at the beginning of the file. If the file does not have a version number in the first line, add version: 1 to the beginning of the file.
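The version check in the step above can be run as a pre-import step. The following is an added example, not Oracle code; the function name ensure_ldif_version and the sample entry are assumptions made for illustration.

```python
import re

VERSION_LINE = re.compile(r"^version:\s*(\d+)\s*$")

def ensure_ldif_version(text):
    """Return LDIF text whose first line is 'version: 1'.

    Raises ValueError when the file needs a manual decision.
    """
    text = text.lstrip("\ufeff")  # a byte-order mark would sit in front of the version line
    lines = text.splitlines()
    first = VERSION_LINE.match(lines[0]) if lines else None
    if first:
        if first.group(1) != "1":
            raise ValueError("unexpected LDIF version number " + first.group(1))
        return text
    # A version line placed after a comment or blank line must not be
    # duplicated by prepending a second one; report it instead.
    for number, line in enumerate(lines, start=1):
        if line.lower().startswith("dn:"):
            break  # past the header: "version" below this point is an ordinary attribute
        if VERSION_LINE.match(line):
            raise ValueError("version line found on line %d, not line 1" % number)
    return "version: 1\n" + text

# Constructed sample: an export that lacks the version line.
SAMPLE = "dn: cn=Jane Doe,ou=People,dc=example,dc=com\ncn: Jane Doe\nsn: Doe\n"

if __name__ == "__main__":
    print(ensure_ldif_version(SAMPLE))
```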

The Adapter Browser enables you to view data as it exists in both LDAP and Database Adapter connected repositories. The Adapter Browser enables you to see what data looks like before it is virtualized by Oracle Virtual Directory. You can also modify and delete attributes of the source entries using the Adapter Browser.

This section explains how to perform the following Adapter Browser tasks:

When you click the name of an existing adapter in the Adapter Browser, the configuration of the adapter appears in the main Oracle Directory Services Manager screen. This adapter configuration information is read only—you cannot edit an adapter's configuration using the Adapter Browser.

Data from Join View and Local Store Adapters is not visible from the Adapter Browser.

15.1.3.1 Viewing Source Repository Entries

Perform the following steps to view data as it exists in the remote, underlying repositories for each adapter defined using the Adapter Browser:

Expand the Adapter Browser entry in the Data Tree. The names of the adapters that are connected to data repositories appear.

Expand the entry for the adapter that contains the source entries you want to view. The entries for the adapter appear.

Click the entry you want to view. The source data for that entry appears in the properties screen. By default, the properties screen displays only the attributes for the entry that have values. Select the Show All option to view all attributes for the entry.

Expand the Adapter Browser entry in the Data Tree. The names of the adapters that are connected to data repositories appear.

Expand the entry for the adapter that contains the source entries you want to modify. The entries for the adapter appear.

Click the entry you want to modify. The details for that entry appear in the main screen and are organized by context-sensitive tabs, such as Attributes, Person, and Groups, depending upon the type of entry.

The following are common procedures for modifying entries. Regardless of the specific procedure you perform, after modifying an entry, click Apply to save your changes or Revert to discard them.

Notes:

To modify the attributes for all types of entries, click the Attributes tab and make the desired changes. By default, only non-empty attributes are shown. You can switch between Managed Attributes and Show All by using the Views list.

To change the list of attributes shown as managed attributes, click the icon under Optional Attributes. Select the attributes you want to move from the All Attributes list to the Shown Attributes list and use the Move and Move All arrows to move them. Select the attributes you want to move from the Shown Attributes list to the All Attributes list and use the Remove and Remove All arrows to move them. Click Add Attributes to make your changes take effect or click Cancel to discard your changes. After you click Add Attributes, only the attributes that were on the Shown Attributes list are shown in the Managed Attributes view.

To add an object class:

Click the Attributes tab.

Click the Add icon next to objectclass and use the Add Object Class dialog to select object class entries. Optionally, use the search box to filter the list of object classes. To add the object class, click it and then click OK.

To delete an object class:

Click the Attributes tab.

Select the object class you want to delete.

Click the Delete icon next to objectclass. The Delete Object Class dialog lists the attributes to be deleted with that class.

Click Delete to proceed or Cancel to cancel the deletion.

To modify person entries:

Click the Person tab.

Modify the information as needed. To upload a photograph for the person entry, click Browse, navigate to the photograph, then click Open. To update the photograph, click Update and follow the same procedure. Click the Delete icon to delete the photograph.

To modify group entries:

Click the Group tab.

Click Add or Delete in the appropriate text box to add or delete a group owner or member.

This section explains how to manage Oracle Virtual Directory schema using Oracle Directory Services Manager. If you use ldapmodify to modify Oracle Virtual Directory schema, be aware of the following items:

Oracle Virtual Directory expects schema keywords (such as name) to be in all capital letters (NAME).

Oracle Virtual Directory does not support the ldapmodify replace operation when modifying schema.
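Both ldapmodify restrictions above can be checked before a schema change file is sent to the server. The following lint is an added example, not Oracle code; the function names, the cn=schema DN, and the 1.1.x object identifiers in the sample are constructed placeholders.

```python
import re

# Schema keywords that take an argument, and keywords that stand alone.
ARG_KW = {"NAME", "DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR",
          "SYNTAX", "USAGE", "MUST", "MAY"}
FLAG_KW = {"OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION",
           "ABSTRACT", "STRUCTURAL", "AUXILIARY"}
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")
SCHEMA_ATTR = r"(attributetypes|objectclasses)"

def lowercase_keywords(definition):
    """Return the schema keywords in one definition that are not all capitals."""
    bad, depth, skip_arg = [], 0, False
    for tok in TOKEN.findall(definition):
        if tok in ("(", ")"):
            depth += 1 if tok == "(" else -1
            skip_arg = False
        elif depth != 1 or tok.startswith("'"):
            skip_arg = False      # quoted strings and nested name lists are values
        elif skip_arg:
            skip_arg = False      # bare argument, as in "SUP top" or "MAY name"
        elif tok.upper() in ARG_KW | FLAG_KW:
            if tok != tok.upper():
                bad.append(tok)
            skip_arg = tok.upper() in ARG_KW
    return bad

def lint_schema_ldif(text):
    """Return (logical_line, kind, detail) findings for a schema change file."""
    findings = []
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    for n, line in enumerate(unfolded.splitlines(), 1):
        m = re.match(r"replace:\s*" + SCHEMA_ATTR + r"\s*$", line, re.I)
        if m:
            findings.append((n, "replace", m.group(1)))
        m = re.match(SCHEMA_ATTR + r":\s*(.+)", line, re.I)
        if m:
            findings += [(n, "keyword", kw) for kw in lowercase_keywords(m.group(2))]
    return findings

# Constructed sample: lower-case keywords in the first change, replace in the second.
SAMPLE = "\n".join([
    "version: 1",
    "dn: cn=schema",
    "changetype: modify",
    "add: attributetypes",
    "attributetypes: ( 1.1.1.1 name 'exampleBadge' desc 'Badge id'",
    "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )",
    "-",
    "replace: objectclasses",
    "objectclasses: ( 1.1.2.1 NAME 'examplePerson' SUP top",
    "  STRUCTURAL MUST ( cn $ name ) MAY exampleBadge )",
])

if __name__ == "__main__":
    for finding in lint_schema_ldif(SAMPLE):
        print(finding)
```

Line numbers in the findings count logical lines, after folded continuation lines are joined.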

15.2.1 Managing Oracle Virtual Directory Schema Attributes

This section explains how to manage Oracle Virtual Directory schema attributes and contains the following tasks:

Expand the Attribute Types entry. The Attribute Type controls, including the search field, and a list of the existing schema attributes appear.

Enter a string to search for in the search field. Two pattern matching characters are supported, * and ?. Use the * character as a wildcard to match zero or more characters. Use the ? character to match one single character. For example, the search string auth???????? returns the attribute authPassword.

Click the Go (>) icon to start the search. The attributes that match the search criteria appear in the navigation tree.

Expand the Attribute Types entry. A list of the existing schema attributes appears.

Click the Create button. The New Attribute Type dialog box appears.

Enter the following information in the New Attribute Type dialog box fields:

Enter the name of the attribute in the Name field.

Enter a unique object identifier specified by ICANN in the Object ID field. If not registered, any unique value will suffice. Oracle recommends registering all custom attributes by using a unique object identifier.

Optionally, enter a description for the attribute in the Description field.

Select the format for the attribute value by selecting an option in the Syntax list. Oracle Virtual Directory uses parent syntax values only.

Enter the length of the attribute, in bytes, in the Size (bytes) field. 0 or no value (empty) implies unlimited. Oracle Virtual Directory does not enforce this attribute definition.

Select a standard from the Usage list for how the attribute can be used.

Enter an Object ID matching rule in the Ordering field for ordered searching. Oracle Virtual Directory does not use this attribute definition.

Enter a matching rule Object ID in the Equality field for equality. Oracle Virtual Directory does not use this attribute definition.

Enter a matching rule Object ID in the Substring field for substring searching. Oracle Virtual Directory does not use this attribute definition.

Enable the Single Value option if the attribute may hold only a single value at a time. If this option is not enabled, the attribute may hold multiple values.

Optionally, select a parent attribute for the new attribute by selecting an existing attribute from the Superior list.

Note:

One problem with managing an LDAP schema is knowing to which objectclass, or objectclasses, an attribute belongs. While every objectclass shows the attributes it contains, directory administrators often want to know which objectclass is using an attribute; particularly for custom attributes.

When you select an attribute from the Attribute Types list, Oracle Directory Services Manager displays information about that attribute, including a Referenced By table. This table shows which direct objectclasses are using the selected attribute and how that attribute is being referenced. (Attributes are referenced as mandatory or optional.)

Be aware that the Referenced By table does not list any objectclasses that inherit the attribute (use it indirectly). For example, if sn is referenced by the person objectclass, the Referenced By table only lists the person objectclass. The table does not list the inetorganizationalperson or organizationalperson objectclasses, which inherit from the person objectclass.

Click OK on the New Attribute Type dialog box to create the attribute. The new attribute appears in the Attribute Types tree.
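The gap described in the note above, object classes that use an attribute only through inheritance, can be computed from the schema itself. The following is an added example, not Oracle code; the function names and the schema fragment are constructed for illustration and follow the sn and person example from the note.

```python
# Constructed schema fragment: lower-cased names, each class with its superior,
# mandatory (MUST) and optional (MAY) attributes.
SCHEMA = {
    "top": {"sup": None, "must": {"objectclass"}, "may": set()},
    "person": {"sup": "top", "must": {"sn", "cn"}, "may": {"telephonenumber"}},
    "organizationalperson": {"sup": "person", "must": set(), "may": {"title"}},
    "inetorganizationalperson": {"sup": "organizationalperson",
                                 "must": set(), "may": {"mail"}},
    "examplebadgeholder": {"sup": "top", "must": set(), "may": {"examplebadge"}},
}

def ancestors(schema, name):
    """Yield the superior classes of name, nearest first.

    Stops at a class that is missing from the schema or at a loop.
    """
    seen = {name}
    sup = schema[name]["sup"]
    while sup in schema and sup not in seen:
        seen.add(sup)
        yield sup
        sup = schema[sup]["sup"]

def referenced_by(schema, attr):
    """Return (direct, inherited) users of attr.

    direct maps class -> "mandatory" or "optional", like the Referenced By table.
    inherited maps class -> (nearest superior that references attr, effective kind).
    """
    attr = attr.lower()
    direct = {}
    for name, oc in schema.items():
        if attr in oc["must"]:
            direct[name] = "mandatory"
        elif attr in oc["may"]:
            direct[name] = "optional"
    inherited = {}
    for name in schema:
        if name in direct:
            continue
        via = [a for a in ancestors(schema, name) if a in direct]
        if via:
            # Mandatory anywhere up the chain makes the attribute mandatory here.
            kinds = {direct[a] for a in via}
            inherited[name] = (via[0], "mandatory" if "mandatory" in kinds else "optional")
    return direct, inherited

if __name__ == "__main__":
    print(referenced_by(SCHEMA, "sn"))
```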

15.2.1.3 Creating "Like" Schema Attributes

Oracle Directory Services Manager provides the ability to create new Oracle Virtual Directory schema attributes that are similar to, or "like," an existing attribute. This ability is known as "Create Like." When you create a new attribute like an existing attribute, you select an existing attribute to base the new one on and then you modify the base attribute's definitions to make it unique.

Perform the following steps to create an attribute like an existing attribute using Oracle Directory Services Manager:

Expand the Object Classes entry. The Object Class controls, including the search field, and a list of the existing schema object classes appear.

Enter a string to search for in the search field. Two pattern matching characters are supported, * and ?. Use the * character as a wildcard to match zero or more characters. Use the ? character to match one single character. For example, the search string inet???person returns the object class inetOrgPerson.

Click the Go (>) icon to start the search. The object classes that match the search criteria appear in the navigation tree.

Enable the Obsolete option to mark the object class as obsolete for administrative purposes. Oracle Virtual Directory does not enforce this object class definition.

Select the type of object class by selecting one option from the following Type list. Oracle Virtual Directory does not enforce this object class definition.

Select Abstract if the object class represents object classes to be inherited by another class and not intended to be used directly by an object.

Select Auxiliary if the object class will be used to add additional attributes to an existing object (based on a structural object class).

Select Structural if the object class can form an entry.

Select a parent object class for the new object class by selecting an existing object class from the Superior list. If you do not select a parent object class, the new object class must descend from top.

Add attributes that must be present in the object class by clicking the Add button in the Mandatory Attributes field, selecting an attribute from the list of existing attributes in the Mandatory Attribute Selector dialog box, and clicking OK. You can delete Mandatory Attributes by selecting the attribute and clicking the Delete button.

Add attributes that may optionally be supplied in the object class by clicking the Add button in the Optional Attributes field, selecting an attribute from the list of existing attributes in the Optional Attribute Selector dialog box, and clicking OK. You can delete Optional Attributes by selecting the attribute and clicking the Delete button.

Click OK on the New Object Class dialog box to create the object class. The new object class appears in the Object Classes tree.

15.2.2.3 Creating "Like" Schema Object Classes

Oracle Directory Services Manager provides the ability to create new Oracle Virtual Directory schema object classes that are similar to, or "like," an existing object class. This ability is known as "Create Like." When you create a new object class like an existing object class, you select an existing object class to base the new one on and then you modify the base object class's definitions to make it unique.

Perform the following steps to create an object class like an existing object class using Oracle Directory Services Manager: